commit 02bbd75d613ef05f64ea3af93dfbd8345a88044a
author Tom Sepez <tsepez@chromium.org> Fri May 17 20:51:29 2024 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Fri May 17 20:51:29 2024 +0000
tree 29fc705b56b11dd74c759d4366778c80b20a67e7
parent a6f4b28a717036d39a337ab31fea49c6c1826621

Observe widgets earlier in CFFL_{Combo,List}Box::SaveData().

Defensive programming against a possible JS re-entry under XFA.

Fixed: 341095523
Change-Id: I59626adcad1c716d42c79e2642a2d65066eb043d
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/119318
Reviewed-by: Thomas Sepez <tsepez@google.com>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>

fpdfsdk/formfiller/cffl_combobox.cpp

diff --git a/fpdfsdk/formfiller/cffl_combobox.cpp b/fpdfsdk/formfiller/cffl_combobox.cpp
index fa53cc8..a95574b 100644
--- a/fpdfsdk/formfiller/cffl_combobox.cpp
+++ b/fpdfsdk/formfiller/cffl_combobox.cpp
@@ -90,22 +90,25 @@
   if (m_pWidget->GetFieldFlags() & pdfium::form_flags::kChoiceEdit)
     bSetValue = (nCurSel < 0) || (swText != m_pWidget->GetOptionLabel(nCurSel));
 
+  ObservedPtr<CPDFSDK_Widget> observed_widget(m_pWidget);
   if (bSetValue) {
     m_pWidget->SetValue(swText);
   } else {
     m_pWidget->GetSelectedIndex(0);
     m_pWidget->SetOptionSelection(nCurSel);
   }
-  ObservedPtr<CPDFSDK_Widget> observed_widget(m_pWidget);
+  if (!observed_widget) {
+    return;
+  }
   ObservedPtr<CFFL_ComboBox> observed_this(this);
   m_pWidget->ResetFieldAppearance();
-  if (!observed_widget)
+  if (!observed_widget) {
     return;
-
+  }
   m_pWidget->UpdateField();
-  if (!observed_widget || !observed_this)
+  if (!observed_widget || !observed_this) {
     return;
-
+  }
   SetChangeMark();
 }
 

fpdfsdk/formfiller/cffl_listbox.cpp

diff --git a/fpdfsdk/formfiller/cffl_listbox.cpp b/fpdfsdk/formfiller/cffl_listbox.cpp
index 2989840..c9e65d0 100644
--- a/fpdfsdk/formfiller/cffl_listbox.cpp
+++ b/fpdfsdk/formfiller/cffl_listbox.cpp
@@ -110,26 +110,26 @@
   }
   int32_t nNewTopIndex = pListBox->GetTopVisibleIndex();
   ObservedPtr<CPWL_ListBox> observed_box(pListBox);
+  ObservedPtr<CPDFSDK_Widget> observed_widget(m_pWidget);
   m_pWidget->ClearSelection();
-  if (!observed_box) {
+  if (!observed_box || !observed_widget) {
     return;
   }
   if (m_pWidget->GetFieldFlags() & pdfium::form_flags::kChoiceMultiSelect) {
     for (int32_t i = 0, sz = pListBox->GetCount(); i < sz; i++) {
       if (pListBox->IsItemSelected(i)) {
         m_pWidget->SetOptionSelection(i);
-        if (!observed_box) {
+        if (!observed_box || !observed_widget) {
           return;
         }
       }
     }
   } else {
     m_pWidget->SetOptionSelection(pListBox->GetCurSel());
-    if (!observed_box) {
+    if (!observed_box || !observed_widget) {
       return;
     }
   }
-  ObservedPtr<CPDFSDK_Widget> observed_widget(m_pWidget);
   ObservedPtr<CFFL_ListBox> observed_this(this);
   m_pWidget->SetTopVisibleIndex(nNewTopIndex);
   if (!observed_widget) {